Do you feel lucky? Well… do you?
Cyber insurance can be an extra financial burden on already-stretched small businesses. Some companies think they don’t need it because they spend their money on cyber security tools instead. And certainly, cyber insurance can be a complicated and daunting task if you aren’t accustomed to thinking about your cyber risk.
And risk is, of course, the key to making a decision about cyber insurance.
Understanding of cyber risk and controls
Cyber insurance typically encourages (or, often, insists on) the implementation of cyber security controls to reduce the risk of a successful attack.
The implementation of these controls does mean you are less likely to succumb to an attack, but also has a secondary benefit.
Many small business owners think that they are not a target—or that they would have the resilience to survive an attack. Sometimes, the process of working through these insurance requirements makes a business become more aware of their cyber risks.
Being able to demonstrate this understanding of your business’ cyber risk (perhaps by becoming Cyber Essentials certified) to prospective clients can support the reputation of the business.
Financial support and cyber expertise
Cyber insurance can provide financial support to cover immediate expenses in the wake of an attack. This might be, for example, the cost of hiring professionals to investigate problems and to restore damaged systems, or of replacement equipment. This financial assistance can help your business to survive the attack, and continue to operate.
As well as financial support, cyber insurance may provide access to cyber expertise, to help your business to respond to, and recover from, an attack. If you don’t have inhouse cyber expertise, this can be invaluable.
Cyber insurance challenges
However, as with all insurance, it is important to understand what will (or won’t) be covered by a particular policy, and what the specific risks are that your business faces. Just as for other insurance policies, your situation may not be the same as your neighbour’s. Non-cyber examples:
- There’s no point paying for pet insurance if you don’t have a pet.
- Or in paying twice for travel insurance: once through your bank account benefits and again by buying a dedicated travel insurance policy.
Policies may be written with a lack of clarity, or possibly designed for larger companies. And if your business doesn’t have an understanding of cyber security, it may be difficult to understand what the policy—or even the application questionnaire designed to assess your cyber risk—is talking about.
The National Cyber Security Centre has some sound advice on cyber insurance, which we recommend you look at. They point out that cyber insurance will not prevent an attack, or solve all your cyber security issues. Just as you’d still lock up your house, even if you have contents insurance in place, you will need to keep suitable cyber security measures in place—because the risk of an attack still exists.
We know that you are busy working on your business, and may not be able to find time to work through any cyber issues. If you’d like assistance in conducting a risk assessment for your business, do contact the Click and Protect team on 0113 733 6230.
Note that we don’t offer cyber insurance, or make product recommendations. As an independent consultancy, we can be objective about the risks that your business faces.